From e8a0ae186ffaa71ff70170ccd9c2e5e444b1a8ba Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 18 Jan 2021 10:35:01 +0100
Subject: [PATCH] Fix memsize check for xxh32

Copy-paste mistake: The memsize limit for xxh32 should be 16,
rather than 32 (which is correct for xxh64).

Probably fixes oss-fuzz #29661.
---
 ext/hash/hash_xxhash.c                         | 2 +-
 ext/hash/tests/xxhash_unserialize_memsize.phpt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/hash/hash_xxhash.c b/ext/hash/hash_xxhash.c
index 3edcdfc9636..8ce5fcfc7fa 100644
--- a/ext/hash/hash_xxhash.c
+++ b/ext/hash/hash_xxhash.c
@@ -84,7 +84,7 @@ static int php_hash_xxh32_unserialize(
 	int r = FAILURE;
 	if (magic == PHP_HASH_SERIALIZE_MAGIC_SPEC
 		&& (r = php_hash_unserialize_spec(hash, zv, PHP_XXH32_SPEC)) == SUCCESS
-		&& ctx->s.memsize < 32) {
+		&& ctx->s.memsize < 16) {
 		return SUCCESS;
 	} else {
 		return r != SUCCESS ? r : -2000;
diff --git a/ext/hash/tests/xxhash_unserialize_memsize.phpt b/ext/hash/tests/xxhash_unserialize_memsize.phpt
index 36750505c94..6de78ee0711 100644
--- a/ext/hash/tests/xxhash_unserialize_memsize.phpt
+++ b/ext/hash/tests/xxhash_unserialize_memsize.phpt
@@ -4,7 +4,7 @@ xxhash memsize must be in range when unserializing
 <?php
 try {
     $str = <<<'STR'
-    O:11:"HashContext":5:{i:0;s:5:"xxh32";i:1;i:0;i:2;a:12:{i:0;i:0;i:1;i:0;i:2;i:606290984;i:3;i:-2048144777;i:4;i:0;i:5;i:1640531535;i:6;i:0;i:7;i:0;i:8;i:0;i:9;i:0;i:10;i:80;i:11;i:0;}i:3;i:2;i:4;a:0:{}}
+    O:11:"HashContext":5:{i:0;s:5:"xxh32";i:1;i:0;i:2;a:12:{i:0;i:0;i:1;i:0;i:2;i:606290984;i:3;i:-2048144777;i:4;i:0;i:5;i:1640531535;i:6;i:0;i:7;i:0;i:8;i:0;i:9;i:0;i:10;i:30;i:11;i:0;}i:3;i:2;i:4;a:0:{}}
     STR;
     $hash = unserialize($str);
     hash_update($hash, '');